Floyd
Floyd
Fixes #214 .
Given the string: ``` 2001:0db8:0000:0000:0000:ff00:0042:8329 ``` The following ssdeep hashes are found: `0000:0000:ff00` and `2001:0db8:0000`. I don't want ssdeep hashes to be parsed from ipv6 addresses. Consider removing ipv6 addresses...
When given a string like: ``` Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1) TLP:RED ``` The following user agent is parsed from it: ``` Mozilla/4.0 (compatible;...
The bitcoin grammar may parse md5s starting with `1`, `3`, or md5s/shas starting with `bc1`. This is probably not something we will try to avoid, but is something we should...
Support for `data_types` was added in #219. Update the CLI to be able to accept data_types as well.
Given: ``` https://example.com/mail?url=http%3A%2F%2Ffoobar.com/ ``` Should we expect to find: ``` http://foobar.com/ ``` as a url?
There are some results which are showing duplicate observables ([example 1](https://github.com/fhightower/ioc-finder/pull/211/files#diff-c85ad0461d5ac8f9886b9ac0047e6201ec4009a109c266ddb124e93c865cbcd4R270-R271) [example 2](https://github.com/fhightower/ioc-finder/pull/211/files#diff-09236636d3780fae961f80a72237d6f605f4b822dfc33e90ca3138a708f4773eR164-R170)). Ensure this is expected.
Some ipv6 addresses are parsed as ssdeeps as seen [here](https://github.com/fhightower/ioc-finder/pull/211/files#diff-8d221d35a4e6bd6ba0c279562b0669d2bff30a67513dfb2b2022f06d65341296R19). Validate this is expected.
`.py` is a [valid TLD](https://data.iana.org/TLD/tlds-alpha-by-domain.txt), but also the extension for python files. Is there a better way to handle domains ending with `.py` to differentiate them from python files?